Splunk on bubka hacks stuff

Splunk on bubka hacks stuffhttps://hexpysya.github.io/tags/splunk/Recent content in Splunk on bubka hacks stuffHugo -- gohugo.ioen-usWed, 15 Apr 2026 00:00:00 +0000Splunk-AWSRaidhttps://hexpysya.github.io/blue_team/splunk-awsraid/Wed, 15 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/splunk-awsraid/An attacker conducted a brute-force attack to compromise the helpdesk.luke account, performed reconnaissance from various VPN IPs, exfiltrated sensitive data including customer backups and secrets, modified bucket permissions, and established persistence by creating an admin backdoor account.Splunk-ShadowRoasthttps://hexpysya.github.io/blue_team/splunk-shadowroast/Tue, 14 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/splunk-shadowroast/A masqueraded AdobeUpdater.exe binary established persistence via a registry Run key, injected into cmd.exe, performed AS-REP Roasting with Rubeus against four AD accounts, laterally moved to FileServer using cracked tcooper credentials, enabled RDP, and staged share data for exfiltration.Splunk-NerisBothttps://hexpysya.github.io/blue_team/splunk-nerisbot/Tue, 07 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/splunk-nerisbot/A victim host downloaded multiple malicious executables via HTTP, including Emotet, ransomware, and trojan payloads, detected through Suricata IDS alerts and confirmed malicious via VirusTotal.Splunk-T1110-003https://hexpysya.github.io/blue_team/splunk-t1110-003/Tue, 07 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/splunk-t1110-003/An attacker from 192.168.1.60 (Kali) conducted a 5-minute RDP password spraying attack against dev.cyberdefenders.org, generating 4302 failed logon attempts across multiple usernames, and successfully authenticated as administrator and five other accounts via RDP.THM-Phishing Unfoldinghttps://hexpysya.github.io/blue_team/thm-phishing-unfolding/Mon, 16 Mar 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/thm-phishing-unfolding/THM-Phishinghttps://hexpysya.github.io/blue_team/thm-phishing/Tue, 10 Mar 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/thm-phishing/Three phishing campaigns were identified across four alerts: a legitimate HR onboarding email (false positive), a fake Amazon delivery notification whose bit.ly link was blocked by the firewall, and a Microsoft account spoofing email from m1crosoftsupport.co whose link was allowed through the firewall